diff options
| author | Lars Wirzenius <liw@liw.fi> | 2017-02-24 18:24:56 +0200 |
|---|---|---|
| committer | Lars Wirzenius <liw@liw.fi> | 2017-02-24 18:31:46 +0200 |
| commit | c15a84542bc5febc9103a0ec7ebd5bf9bee9680b (patch) | |
| tree | c6acb1d6a53c39773262f9690784f27b94a860bb /ansible/roles/self-updating-system | |
| parent | 76e43212c908a808ae4c7632c107664b13db5147 (diff) | |
| download | ansibleness-c15a84542bc5febc9103a0ec7ebd5bf9bee9680b.tar.gz | |
Add a role to install and enable unattended-upgrades
Diffstat (limited to 'ansible/roles/self-updating-system')
| -rw-r--r-- | ansible/roles/self-updating-system/files/unattended-upgrades.conf | 18 | ||||
| -rw-r--r-- | ansible/roles/self-updating-system/tasks/main.yml | 10 |
2 files changed, 28 insertions, 0 deletions
diff --git a/ansible/roles/self-updating-system/files/unattended-upgrades.conf b/ansible/roles/self-updating-system/files/unattended-upgrades.conf new file mode 100644 index 0000000..b5d0752 --- /dev/null +++ b/ansible/roles/self-updating-system/files/unattended-upgrades.conf @@ -0,0 +1,18 @@ +// Install in /etc/apt/apt.conf.d/ +// Configure unattended-upgrades to work and to apply security +// updates, and then reboot during the night. + +Unattended-Upgrade::Origins-Pattern { + "origin=Debian,codename=${distro},label=Debian-Security"; +}; + +Unattended-Upgrade::Mail "root"; +Unattended-Upgrade::Remove-Unused-Dependencies "true"; +Unattended-Upgrade::Automatic-Reboot "true"; + +APT::Periodic::Enable "1"; +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Download-Upgradeable-Packages "1"; +APT::Periodic::Unattended-Upgrade "1"; +APT::Periodic::AutocleanInterval "1"; +APT::Periodic::MaxAge "1"; diff --git a/ansible/roles/self-updating-system/tasks/main.yml b/ansible/roles/self-updating-system/tasks/main.yml new file mode 100644 index 0000000..9d27537 --- /dev/null +++ b/ansible/roles/self-updating-system/tasks/main.yml @@ -0,0 +1,10 @@ +- name: install unattended-upgrades + apt: name=unattended-upgrades + +- name: install apt-listchanges + apt: name=apt-listchanges + +- name: configure unattended-upgrades + copy: + src: unattended-upgrades.conf + dest: /etc/apt/apt.conf.d/02upgrades |